This page contains a list of all security vulnerabilities fixed in Network Configuration Manager along with its CVE ID and fixed build number. Go to ManageEngine's Security Response Center to report vulnerabilities on ManageEngine products.
| CVE ID | Synopsis | Severity | Fixed in version | Link to latest build |
|---|---|---|---|---|
| CVE-2021-20078 | Folder deletion due to Path Traversal vulnerability in Sparkgateway jar | High | 125362, 125332 and 125347 | Download |
| CVE-2021-3287 | Unauthenticated Remote Code Execution (RCE) vulnerability due to general bypass for the deserialization class. | Critical | 125220/125314 | |
| CVE-2020-12116 | Path Traversal Vulnerability | High | 124196/125125 | |
| CVE-2020-11946 | Unauthenticated access to API key disclosure from a servlet call | High | 124188/125120 | |
| CVE-2020-11527 | File read vulnerability in Arbitrary file | High | 124181 | |
| CVE-2020-10541 | Remote Code Execution (RCE) vulnerability in Mail Server Settings v1 APIs | High | 124172 | |
| CVE-2019-17421 | Incorrect file permissions on the packaged Nipper executable file. | Medium | 124079 & 124099 | |
| Internal | An operator user could access some restricted folders by bypassing the session. | High | 123241 | |
| CVE-2018-19403 | Unauthenticated Remote Code Execution (RCE) vulnerability | High | 123231 | |
| CVE-2018-12997, CVE-2018-12998 | Arbitrary web script injection vulnerability | High | 123169 |